Sign in with
Sign up | Sign in
Your question

authentication in AD problem

Tags:
  • Authentication
  • Active Directory
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
March 15, 2005 5:15:00 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi, we have a Windows 2000 Active Directory implemented. My company is
planning to create an intranet application and give a possibility to our
clients (and they have accounts in our AD) to log on from internet and use
that application. So, that app. will be placed in DMZ and IIS (placed in DMZ
to) will have to have an ability to LDAP query AD if that particular user is
authorized to use that app. and if password is ok. We are testing secure
LDAP query and it works fine. There is only one problem for as. If someone
break in on that server in DMZ, he will have an access to our AD and that is
what we do not wont!

I'm looking for some secure solution:) 

PLEASE HELP
Thank's in advance!
adbos

More about : authentication problem

Anonymous
March 15, 2005 5:15:01 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We use AD and ONT's UIdP. It secures websites and authentication is
integrated with AD. They are a gold partner with Microsoft. It isn't
perfect but it is the best solution we could find. Just a small ISAPI
filter is loaded on the web server in the dmz and all else is done
internally, so you are well protected.

see:
http://www.opennetwork.com/

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



"adbos" <allemagnus@wp.pl> wrote in message
news:D 16n0k$g76$1@inews.gazeta.pl...
> Hi, we have a Windows 2000 Active Directory implemented. My company is
> planning to create an intranet application and give a possibility to our
> clients (and they have accounts in our AD) to log on from internet and use
> that application. So, that app. will be placed in DMZ and IIS (placed in
DMZ
> to) will have to have an ability to LDAP query AD if that particular user
is
> authorized to use that app. and if password is ok. We are testing secure
> LDAP query and it works fine. There is only one problem for as. If someone
> break in on that server in DMZ, he will have an access to our AD and that
is
> what we do not wont!
>
> I'm looking for some secure solution:) 
>
> PLEASE HELP
> Thank's in advance!
> adbos
>
>
Anonymous
March 15, 2005 6:28:06 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

thank you for your reply. i dont understand this "ONT's UIdP". i understand
that ONT is some company and UIdP is a product of that company, but i cant
find in on internet so, please, could you be more precise..
thank you very much
adbos



"Paul Bergson" <pbergson_nospam@allete.com> wrote in message
news:ui4%231jWKFHA.2716@TK2MSFTNGP15.phx.gbl...
> We use AD and ONT's UIdP. It secures websites and authentication is
> integrated with AD. They are a gold partner with Microsoft. It isn't
> perfect but it is the best solution we could find. Just a small ISAPI
> filter is loaded on the web server in the dmz and all else is done
> internally, so you are well protected.
>
> see:
> http://www.opennetwork.com/
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
>
> "adbos" <allemagnus@wp.pl> wrote in message
> news:D 16n0k$g76$1@inews.gazeta.pl...
> > Hi, we have a Windows 2000 Active Directory implemented. My company is
> > planning to create an intranet application and give a possibility to our
> > clients (and they have accounts in our AD) to log on from internet and
use
> > that application. So, that app. will be placed in DMZ and IIS (placed in
> DMZ
> > to) will have to have an ability to LDAP query AD if that particular
user
> is
> > authorized to use that app. and if password is ok. We are testing secure
> > LDAP query and it works fine. There is only one problem for as. If
someone
> > break in on that server in DMZ, he will have an access to our AD and
that
> is
> > what we do not wont!
> >
> > I'm looking for some secure solution:) 
> >
> > PLEASE HELP
> > Thank's in advance!
> > adbos
> >
> >
>
>
Anonymous
March 15, 2005 6:34:44 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

ups:) 
i didn't see url...
thank you:) 

"adbos" <allemagnus@wp.pl> wrote in message
news:D 16r9o$8ne$1@inews.gazeta.pl...
> thank you for your reply. i dont understand this "ONT's UIdP". i
understand
> that ONT is some company and UIdP is a product of that company, but i cant
> find in on internet so, please, could you be more precise..
> thank you very much
> adbos
>
>
>
> "Paul Bergson" <pbergson_nospam@allete.com> wrote in message
> news:ui4%231jWKFHA.2716@TK2MSFTNGP15.phx.gbl...
> > We use AD and ONT's UIdP. It secures websites and authentication is
> > integrated with AD. They are a gold partner with Microsoft. It isn't
> > perfect but it is the best solution we could find. Just a small ISAPI
> > filter is loaded on the web server in the dmz and all else is done
> > internally, so you are well protected.
> >
> > see:
> > http://www.opennetwork.com/
> >
> > --
> >
> > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> >
> >
> > "adbos" <allemagnus@wp.pl> wrote in message
> > news:D 16n0k$g76$1@inews.gazeta.pl...
> > > Hi, we have a Windows 2000 Active Directory implemented. My company is
> > > planning to create an intranet application and give a possibility to
our
> > > clients (and they have accounts in our AD) to log on from internet and
> use
> > > that application. So, that app. will be placed in DMZ and IIS (placed
in
> > DMZ
> > > to) will have to have an ability to LDAP query AD if that particular
> user
> > is
> > > authorized to use that app. and if password is ok. We are testing
secure
> > > LDAP query and it works fine. There is only one problem for as. If
> someone
> > > break in on that server in DMZ, he will have an access to our AD and
> that
> > is
> > > what we do not wont!
> > >
> > > I'm looking for some secure solution:) 
> > >
> > > PLEASE HELP
> > > Thank's in advance!
> > > adbos
> > >
> > >
> >
> >
>
>
!